グループポリシー (GPO)
グループポリシーは、Microsoft Windows Active Directoryの機能の1つで、管理者がネットワーク全体のユーザーとコンピューターの構成を中央の場所から管理できるようにします。
グループポリシー(GPO)は、Windows環境の設定を一元管理するための仕組みです。パスワードの強度設定から、各パソコンのデスクトップ壁紙の強制指定まで、多岐にわたる制御が可能です。
graph LR
Center["グループポリシー (GPO)"]:::main
Pre_active_directory["active-directory"]:::pre --> Center
click Pre_active_directory "/terms/active-directory"
Rel_active_directory["active-directory"]:::related -.-> Center
click Rel_active_directory "/terms/active-directory"
classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
linkStyle default stroke:#4b5563,stroke-width:2px;
🧒 5歳でもわかるように説明
📜 Imagine a school where the principal can write a set of rules on a master board, and those rules automatically appear in everyone's notebook. Group Policy is that board—it's how a boss sets the 'rules of the road' for every computer in the company at once.
🤓 Expert Deep Dive
Group Policy relies on the Client-Side Extensions (CSE) on each Windows machine to pull and apply settings from the KDC/Domain Controller. GPOs are stored in two parts: the Group Policy Container (GPC) in Active Directory (stores metadata) and the Group Policy Template (GPT) in the SYSVOL share (stores actual settings files like Registry.pol). For troubleshooting, administrators use tools like gpresult and rsop.msc to determine the Resultant Set of Policy. Modern cloud-managed environments often supplement or replace traditional GPOs with Microsoft Intune (MDM) policies, which use a different delivery mechanism but achieve similar configuration goals.